Which Major CAs Offer Elliptic Curve Certificates? A Developer’s Guide to ECC SSL/TLS Implementation


Elliptic Curve Cryptography (ECC) offers significant advantages over traditional RSA, including smaller key sizes with equivalent security and better performance. However, adoption in public PKI has been slower than expected. Several major Certificate Authorities (CAs) do support ECC, though their offerings might not be prominently advertised.

Here are some well-known CAs that issue ECC certificates with roots trusted by major browsers:

  • DigiCert: Offers ECC certificates with their "DigiCert ECC Root"
  • Sectigo (formerly Comodo): Uses "COMODO ECC Certification Authority" root
  • GlobalSign: Supports ECC through their "GlobalSign ECC Root CA"
  • Let's Encrypt: Provides free ECC certificates (though not all clients support their ECC chain)

Modern browsers generally support ECC certificates well. Here's a quick compatibility check:


// JavaScript snippet to check ECC support
if (window.crypto && window.crypto.subtle) {
    crypto.subtle.generateKey(
        {
            name: "ECDSA",
            namedCurve: "P-256"
        },
        true,
        ["sign", "verify"]
    ).then(() => console.log("ECC supported"))
    .catch(() => console.log("ECC not supported"));
}

Here's how to configure ECC certificates on common web servers:

Nginx Configuration


server {
    listen 443 ssl;
    server_name example.com;
    
    # RSA certificate as fallback
    ssl_certificate /path/to/rsa.crt;
    ssl_certificate_key /path/to/rsa.key;
    
    # ECC certificate
    ssl_certificate /path/to/ecc.crt;
    ssl_certificate_key /path/to/ecc.key;
    
    # Preferred ECC cipher suites
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;
}

Apache Configuration


<VirtualHost *:443>
    ServerName example.com
    
    # RSA certificate
    SSLCertificateFile /path/to/rsa.crt
    SSLCertificateKeyFile /path/to/rsa.key
    
    # ECC certificate
    SSLCertificateFile /path/to/ecc.crt
    SSLCertificateKeyFile /path/to/ecc.key
    
    # Prioritize ECC
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder on
</VirtualHost>

Prices for ECC certificates are generally comparable to RSA certificates from the same CA:

  • DigiCert: $199-$799/year depending on validation level
  • Sectigo: $49-$499/year
  • GlobalSign: $249-$699/year
  • Let's Encrypt: Free (but with shorter validity periods)

Here's a simple OpenSSL benchmark comparing ECC and RSA:


# Benchmark RSA
openssl speed rsa2048

# Benchmark ECC
openssl speed ecdsap256

# Compare TLS handshake performance
openssl s_time -connect example.com:443 -new -cipher ECDHE-ECDSA-AES256-GCM-SHA384
openssl s_time -connect example.com:443 -new -cipher ECDHE-RSA-AES256-GCM-SHA384

When transitioning to ECC certificates, consider this phased approach:

  1. Obtain both RSA and ECC certificates from your CA
  2. Configure your server to serve both certificates
  3. Monitor client support and performance
  4. Gradually increase preference for ECC cipher suites
  5. Eventually phase out RSA if possible

Watch out for these issues when implementing ECC:

  • Older Android devices (pre-4.0) may have limited ECC support
  • Some legacy systems might not support modern ECC curves
  • Mixed content issues if your site loads resources from non-ECC enabled servers
  • Ensure your intermediate certificates properly chain to an ECC root
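Steps 3 and 5 of the phased approach above call for measuring which clients still rely on the RSA certificate of a dual-certificate setup. The following is an added example, not code from the original post: it tallies negotiated certificate types from nginx access-log lines, assuming a log_format that records $ssl_protocol, $ssl_cipher and $http_user_agent (the format and the sample lines are constructed), and it flags that TLS 1.3 suite names do not reveal which certificate was used, so those handshakes are counted separately.

```python
import re
from collections import Counter

# Constructed sample lines for an assumed nginx format (not real traffic):
#   log_format tls '$remote_addr "$ssl_protocol" "$ssl_cipher" "$http_user_agent"';
SAMPLE_LOG = """\
203.0.113.10 "TLSv1.3" "TLS_AES_256_GCM_SHA384" "Mozilla/5.0 (Windows NT 10.0) Chrome/120"
203.0.113.11 "TLSv1.2" "ECDHE-ECDSA-AES256-GCM-SHA384" "Mozilla/5.0 (Macintosh) Safari/17"
203.0.113.12 "TLSv1.2" "ECDHE-RSA-AES256-GCM-SHA384" "Mozilla/5.0 (Linux; Android 4.0) LegacyBrowser/1"
203.0.113.13 "TLSv1.2" "ECDHE-ECDSA-AES128-GCM-SHA256" "curl/8.4.0"
203.0.113.14 "TLSv1.2" "AES128-SHA" "OldScanner/0.9"
203.0.113.15 "-" "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/121"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) "(?P<proto>[^"]*)" "(?P<cipher>[^"]*)" "(?P<ua>[^"]*)"$')


def classify_cipher(proto, cipher):
    """Map a negotiated protocol/cipher pair to the certificate type it implies."""
    if cipher in ("-", ""):
        return "no-tls"          # plaintext request, nothing was negotiated
    if proto == "TLSv1.3":
        return "tls13-opaque"    # TLS 1.3 suite names omit the authentication algorithm
    if cipher.startswith("ECDHE-ECDSA-"):
        return "ecdsa"
    if cipher.startswith(("ECDHE-RSA-", "DHE-RSA-")):
        return "rsa"
    return "rsa-legacy"          # e.g. AES128-SHA: static RSA key exchange, RSA certificate


def summarize(log_text):
    """Count handshakes per certificate type and record user agents still using RSA."""
    counts, rsa_user_agents = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            counts["unparsed"] += 1
            continue
        kind = classify_cipher(m["proto"], m["cipher"])
        counts[kind] += 1
        if kind in ("rsa", "rsa-legacy"):
            rsa_user_agents[m["ua"]] += 1
    return counts, rsa_user_agents


def rsa_share(counts):
    """Fraction of TLS 1.2 handshakes that still depended on the RSA certificate."""
    tls12 = counts["ecdsa"] + counts["rsa"] + counts["rsa-legacy"]
    return 0.0 if tls12 == 0 else (counts["rsa"] + counts["rsa-legacy"]) / tls12
```

A non-zero `rsa_share` (or any entry in the RSA user-agent list) is the signal that phasing out the RSA certificate would break real clients; the TLS 1.3 bucket needs a different data source, since the cipher name alone cannot tell ECDSA from RSA there.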

Several major Certificate Authorities (CAs) do offer Elliptic Curve Cryptography (ECC) certificates, though availability varies. Here are the key providers:

# Example of checking ECC support in OpenSSL
openssl ecparam -list_curves | grep 'prime256v1'
# Output should show supported curves like:
#   prime256v1: X9.62/SECG curve over a 256 bit prime field

  • DigiCert: Offers ECC certificates with their Secure Site Pro product line. Pricing starts at $995/year.
  • Sectigo (formerly Comodo): Their ECC root is widely trusted, with certificates starting at $499/year.
  • GlobalSign: Provides ECC options across their product range, from $699/year.
  • Entrust: Offers ECC certificates with their EV SSL product at $1,299/year.

When implementing ECC certificates, consider these browser compatibility stats:

Browser        ECC Support
Firefox 3.5+   Full support
Chrome 30+     Full support
IE 8+          Partial support (requires updates)

Here's how to configure ECC certificates in Nginx:

server {
    listen 443 ssl;
    ssl_certificate /path/to/ecc_cert.pem;
    ssl_certificate_key /path/to/ecc_key.pem;
    ssl_ecdh_curve prime256v1;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256';
    # Additional security settings...
}

ECDSA signature verification is significantly faster than RSA:

# openssl speed ecdsap256 rsa2048
Doing 256 bit ecdsa's for 10s: 42818 256 bit ECDSA signs in 9.99s
Doing 2048 bit private rsa's for 10s: 3262 2048 bit private RSA's in 9.99s

The validation process for ECC certificates is identical to RSA certificates. All major CAs use the same validation methods (DV, OV, EV). The only difference is the cryptographic algorithm used in the certificate.

For systems that must support older clients, consider implementing dual certificates:

server {
    listen 443 ssl;
    ssl_certificate /path/to/rsa_cert.pem;
    ssl_certificate_key /path/to/rsa_key.pem;
    ssl_certificate /path/to/ecc_cert.pem;
    ssl_certificate_key /path/to/ecc_key.pem;
    # Modern clients will prefer ECC
}

All ECC patents held by Certicom (now BlackBerry) have expired as of 2023. There are no remaining intellectual property barriers to ECC adoption.